X509_check_purpose - Check the purpose of a certificate
#include <openssl/x509v3.h>
int X509_check_purpose(X509 *x, int id, int ca);This function checks if certificate x was created with the purpose represented by id. If ca is nonzero, then certificate x is checked to determine if it's a possible CA with various levels of certainty possibly returned. The certificate x must be a complete certificate otherwise the function returns an error.
Below are the potential ID's that can be checked:
# define X509_PURPOSE_SSL_CLIENT 1
# define X509_PURPOSE_SSL_SERVER 2
# define X509_PURPOSE_NS_SSL_SERVER 3
# define X509_PURPOSE_SMIME_SIGN 4
# define X509_PURPOSE_SMIME_ENCRYPT 5
# define X509_PURPOSE_CRL_SIGN 6
# define X509_PURPOSE_ANY 7
# define X509_PURPOSE_OCSP_HELPER 8
# define X509_PURPOSE_TIMESTAMP_SIGN 9
# define X509_PURPOSE_CODE_SIGN 10The checks performed take into account the X.509 extensions keyUsage, extendedKeyUsage, and basicConstraints.
For non-CA checks
For CA checks the below integers could be returned with the following meanings:
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.